Cyber Incident Victim: KBC Zagreb
Date:
Jun 2024
Location:
Croatia
Summary
A cyberattack targeted the IT systems of KBC Zagreb hospital during early morning hours, disrupting operations. Restoration efforts were underway with expectations for full functionality to resume by the following morning, as confirmed by hospital officials. The incident caused temporary service interruptions while technical teams worked to resolve the compromise.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 27, 2024, a cyberattack targeted the IT systems of KBC Zagreb, Croatia’s largest clinical hospital, during early morning hours. The attack disrupted hospital operations, though specific technical details about the intrusion vector or attacker identity remained undisclosed. Initial reports from HRT’s central news program indicated recovery efforts were underway but incomplete as of the afternoon, with journalist Ruža Ištuk noting residual impacts persisted. Hospital representatives did not immediately clarify the full scope of affected services, but the disruption implied significant operational challenges, given the institution’s reliance on digital systems for patient care, administrative functions, and medical record management. No explicit mention of data theft or ransomware emerged in initial coverage, focusing instead on system availability. By evening, restoration work continued, with officials anticipating resolution within hours.
Milivoj Novak, KBC Zagreb’s assistant director for healthcare quality and supervision, provided an update during the evening broadcast of "Otvoreno" around 22:00 local time, confirming active efforts to restore full functionality. Novak stated the IT system would resume operations that night, projecting normal service would return by the following morning (June 28). The hospital did not disclose whether contingency measures like paper-based workflows were activated during the outage or describe specific clinical impacts, though the timeline suggested urgency in mitigating care disruptions. The incident’s public communication emphasized technical recovery over attribution or patient data compromises. Restoration priorities focused on reactivating core systems without detailing cybersecurity countermeasures or forensic investigations. KBC Zagreb’s reliance on projected recovery timelines indicated a controlled response, though the absence of granular details left the attack’s full technical and operational consequences undefined in available reporting.